The Human Rights Blog of the Leitner Center for International Law and Justice

Category Archives: Security and Human Rights

Recent terrorist attacks in San Bernardino, Brussels and South Carolina have led government officials to increase pressure on major tech companies to take greater measures to help security agencies monitor terrorist activities. This has led to a vigorous debate on the issues of corporate responsibility, individual privacy rights and the government’s ability to monitor terrorist activities. This is the second post in a two-part series about technology, terrorism and human rights. This post will analyze the various positions in this debate, and consider the how the government and tech companies can work together to effectively combat the root causes of radicalization and terrorism while still upholding fundamental human rights.

THE ENCRYPTION DEBATE

With the rise of internet communications, terrorist groups have been using email, messaging applications, online forums and other internet tools to recruit members and plan attacks. Many government officials have firmly argued that tech companies must take greater measures to provide security agencies with data that will help them monitor this extremist activity.

But even if many companies wanted to comply, private messaging systems such as WhatsApp and iMessage automatically encrypt messages, meaning that they are secretly encoded and cannot be read without a key. Thus, companies cannot turn over messages to law enforcement because they have no mechanism of retrieving them. This predicament has sparked a fierce debate over how to monitor and combat terrorist activities on the internet. Many officials argue that tech companies there should create a backdoor—a way for a “secure” system to be accessed through coding or other vulnerabilities—in various applications for law enforcement officials to use when investigating criminal activity.

However, critics, including many leading figures in the tech industry, caution that creating a backdoor to encrypted applications may open a whole new can of worms. Tech companies point out that if any backdoor exists, hackers will eventually find it and reduce data security for all individuals. The BBC notes that if major companies were required by law to introduce back doors, terrorists would simply utilize other platforms, such as free add-on applications that automatically encrypt messages. This would make gathering information even more difficult for security agencies. A backdoor would leave services for innocent individuals far less secure, while dangerous people would be operating on systems that are even harder to gain access to. Furthermore, tech companies such as Microsoft, Google, Apple and Yahoo vowed to protect the privacy of their users from government surveillance by making encryption a default option after the NSA surveillance scandal in the US and UK. Opening up a backdoor would backslide on their promise and endanger individuals’ right privacy on the internet.

Aside from privacy and security concerns, the efficient use of these back doors would also be a challenge. While implementing a system that scanned every online message for extremist or terrorist keywords and hate speech is technically feasible, with approximately 1.3 billion internet users around the world, the number of cases that could be labeled as potential threats would be overwhelmingly high. This type of wide-scale reporting to authorities would be an immense undertaking for tech companies like Facebook, according to the BBC.

CURBING TERRORISM IN OTHER WAYS

Despite the impasse between the government and tech companies on the encryption debate, there are still a myriad of ways tech companies can and do cooperate with the government to help tackle terrorism. For example, Alan Woodward, a cybercrime consultant, says that encrypted messages can be useful in combating terrorist attacks because they still reveal metadata, such as information about who talked to whom and for how long. He explained that metadata was used to arrest the attackers who carried out the attacks in Paris in November 2015. Security agencies can use link analysis to figure out communication patterns and identify potential threats or sources of information.

Internet Protocol addresses (IP addresses), unique identifying numbers assigned to any devices connected to the internet, are also important in the fight against extremism and terrorism. Tracing the IP addresses of recruitment messages and their followers can help intelligence agencies determine the identities of supporters and potential recruits. Tech companies such as Google have complied with the government’s requests for IP address information and if tech companies continue to help track encrypted messages and IP addresses, they could contribute immensely to the fight for security.

When it comes to website content, tech companies could work to block, delete or monitor extremist and hateful content. Companies such as Google do not allow hateful content that incites violence or extremely “graphic or gratuitous” violent content on their platforms. This is usually taken to include violent videos of beheadings used by the Islamic State of Iraq and Syria (ISIS) as scare tactics and recruitment messages. However, since there is no algorithm that can prevent the uploading of violent or extremist content, companies are largely dependent on users to flag inappropriate content, which is typically removed within a few hours. Similarly, other tech companies do not have a mechanism to stop the creation of new extremist websites. While Europe is developing a police team specializing in monitoring ISIS terrorist activities and blocking jihadi sites online, developing a way to quickly delete or prevent the creation of these sites may be helpful. In instances when leaving websites or forums up may be helpful, tech companies and the government could work to monitor or infiltrate extremist groups to gather intelligence, as has already been done by Ghost Security Group, a hacker group committed to the fight against extremism.

HUMAN RIGHTS IMPLICATIONS

As human rights advocates have pointed out, if tech companies are pressured to lessen encryption, create backdoors for the government to investigate terrorist activities and hand over user data, it could be problematic for the basic privacy and free speech rights of many individuals. Many notable factors make it hard for the people to believe that turning over more data to the government will actually make society safer. Firstly, there has been significant mistrust of the government after the U.S. National Security Agency surveillance scandal was exposed by Edward Snowden. After this leak, governments around the world considered and passed pieces of legislation allowing for widespread surveillance of their populace. To address this issue, the United Nations General Assembly adopted resolution 68/167 in December 2013, which reaffirmed internet and technology users’ right to privacy in the digital age.

Secondly, even if the government is given users’ data, there is a good chance that they will not use it. Daryl Johnson, former Analyst at the U.S. Department of Homeland Security, pointed out that right-wing extremist groups were not being monitored effectively (or at all) in the U.S. despite the sharp increase in domestic terrorism carried out by right-wing groups. Right-wing terrorists, such as Dylann Roof and Timothy McVeigh, are known for leaving hateful online manifestos and plans of action. This information was public and the government had full access to it. Instances like these indicate that even if the government is granted access to personal information of individuals, there is no guarantee this data will be analyzed effectively and accurately.

Moreover, several national laws, such as the U.S. Patriot Act, already offer the government significant access to the online activities of individuals and have been criticized for their overreach and lack of privacy protection. After the Charlie Hebdo attacks, France passed a sweeping surveillance bill, similar to the U.S. Patriot Act, to which the U.N. Human Rights Council voiced serious concern for its lack of oversight. Prime Minister Manuel Valle responded to the passage of this bill by saying, “France now has a secure framework against terrorism.” The most recent attacks in Paris, which took place after this law went into effect, suggest that sweeping surveillance powers do not function as a “secure framework against terrorism.” Rather, tech companies and the government need to work together to create a safer system that helps monitor hate speech and terrorist recruitment methods while protecting individual privacy rights.

WHAT WE CAN DO

It is clear that reactionary measures will not prevent future terrorist attacks. U.S. Government forces killed Osama Bin Laden, but now has to contend with ISIS. Hundreds of jihadist sites and accounts have been shut down, just to see more accounts opened. The U.S. and France passed bills granting the government sweeping surveillance powers, which did not prevent the most recent attacks in Paris and San Bernardino. While we focus on foreign terrorist threats, right-wing extremist groups are allowed to organize with almost no oversight and consequences. Effectively combating terrorism will require a two-pronged approach: (1) the government must attack the root of the problem by understanding the socioeconomic conditions which create terrorist breeding grounds, promote recruitment and allow for certain threats to go overlooked; and (2) the government and tech companies must find a way to work together to enhance security and stop hateful speech while simultaneously protecting privacy and free speech rights.

David Mair, a cyber-terrorism researcher at Swansea University, told the BBC that poverty, social exclusion and a lack of positive role models for young Muslim men all drive radicalization. Tackling these core issues will help the West overcome credibility issues with potential extremist recruits and engage individuals in more meaningful ways. He explained that extremist groups are reaching out to alienated young men in the West and offering them an opportunity to join a brotherhood in Syria where they can fit in. Mair argued that this propaganda can be countered by demonstrating why life under ISIS is not utopian and how the religious arguments made by these extremist groups are false. The government must also act to counter the drastic increase in hate crimes against Muslims after the Paris attacks. These bias crimes further exacerbate racial and religious tensions, and promote further radicalization instead of combating the root of the problem.

In line with these actions, spreading truthful facts and thwarting hate speech is also necessary in combating terrorism. After a recent attack on a Planned Parenthood, the Governor of Colorado noted that it was time to tone down the rhetoric that “is inflaming people to the point where they can’t stand it, and they go out and they lose connection with reality in some way and commit these acts of unthinkable violence.” We must do more to monitor and stop right-wing extremism and hate speech that incites violence.

Responding with force after lives have been lost is a reactionary measure that will not eradicate the root of the problem. Our methods to combat terrorism have been failing, and we need to start attacking terrorism comprehensively, from implementing new ways to track terrorist activity online to preventing radicalization and the socioeconomic conditions that foster terrorist breeding grounds. Tech companies and the government can also work together to implement creative mechanisms that monitor important data and thwart hate or extremist speech. If tech companies keep moving in a socially-responsible direction and the government begins to effectively and accurately analyze the data they have, then the internet can become a powerful tool in preventing future terrorist attacks in a rights-respecting way. This type of private-public partnership, coupled with policies promoting education, health care, economic stability and human rights, will be the only effective way to prevent terrorism.

Shruti Banerjee is a 2L at Fordham Law School.

The views expressed in this post remain those of the individual author and are not reflective of the official position of the Leitner Center for International Law and Justice, Fordham Law School, Fordham University or any other organization.

The recent terrorist attacks in Belgium and France as well as the rise of right-wing violence in the U.S. have raised many questions about the role tech companies and internet service providers play in monitoring terrorist recruitment and activities. While some terrorists, such as Dylann Roof, who shot nine African-Americans in a South Carolina church, leave blatant manifestos online , others, such as the Islamic State in Iraq and Syria (ISIS) and right-wing groups in Europe, use the internet in more nuanced ways to recruit members and plan attacks. To effectively prevent terrorist activity we need to examine each of these methods.

This is the first in a two-part series about technology, terrorism and human rights. This post will explore how the internet has been used by terrorist groups to recruit members and plan attacks. A second post will discuss the corporate responsibility of tech companies in national security and human rights issues. It will also explore how people are using the internet to combat terrorism and how we can continue to prevent radicalization leading to attacks.

ONLINE RADICALIZATION AND RECRUITMENT

Understanding how technology has transformed the way we communicate is particularly important in an era when internet communication and mass messaging have been used as tools by militant organizations such as ISIS and domestic right-wing terrorist groups to promote their message and recruit new members.

Recruitment methods used by extremist Islamic groups are more nuanced and refined than blatant proclamations to support terrorist organizations. David Mair, a cyber-terrorism researcher at Swansea University, collaborated with the University of Massachusetts’ Center for Terrorism and Security Studies to analyze jihadist messages in online terrorist magazines. He notes there are key differences in ideology that drove messaging – most notably between the Islamic State and Al-Qaeda: while ISIS’ propaganda promotes the creation of a state governed by Sharia law, Al-Qaeda’s message typically focuses on jihad against oppressive western nations and promoting individuals to act alone in planning and executing attacks. These recruitment and attack planning methods are fundamentally different and require separate countering strategies, Mair said.

Muslim extremists have used various types of subtle propaganda to recruit members, such as promoting news stories of Western oppression and disguising extremist sites as religious sites. In an interview with the BBC, Sajid, a 16-year-old student in London whose brother was radicalized discusses how he was almost radicalized too. He opened a fake twitter account to learn more about ISIS after his brother left for Syria to join them. He told BBC over an encrypted chat application that he was surprised that no one in ISIS actually told him to support ISIS or move to Syria. The process of radicalization happened when he watched videos and encountered messages about Sunni oppression. This propaganda is used to incite anger in its viewers and create a community. Sajid said he caught himself becoming “heart-hardened” by this propaganda, but was eventually able to reject ISIS’s message. “After reading about Shia crimes against local Sunnis, I remember watching a video of an execution of an Iraqi soldier and thinking, ‘Good.’ This shocked me afterwards…I questioned my conscience, and my results were that I did not support ISIS with my heart at all,” Sajid said in the interview.

This type of subtle propaganda makes it more difficult to discern and dissuade potential recruits because actual news of attacks can be used as propaganda. Since it would pose a freedom of speech issue to censor these types of news stories, governments have a hard time cracking down on radicalization and recruitment. Monitoring and curbing extremist propaganda becomes even more complicated when it comes to religious messages aimed at recruiting young women and men. Extremists target young adults through websites posing as educational in nature, Sara Khan, Director at the anti-extremist group Inspire, explained to BBC News in an interview. Youth innocently searching for information about their faith can be unaware they have stumbled across extremist groups, Khan said. These recruitment sites often utilize religious language to convince the reader that their view is the proper interpretation of Islam. They exploit religion to recruit youth who have not learned much about their faith and cannot critically analyze the extremist interpretation.

Xenophobia in western countries and promises of a utopian state are other tools used by terrorists to recruit members from the west, Qari Asim, Senior Imam at Makkah Mosque in the United Kingdom, said in an interview with BBC. He recently visited Calais, a make-shift refugee camp in France, and met refugees who fled ISIS-controlled regions. These refugees explained that some young Muslims are leaving Britain to join ISIS because they didn’t feel like they belonged in England. According to Asim, ISIS is running a “sophisticated media strategy” to promote an anti-establishment view that appeals to many young people. He and his group are actively trying to prevent recruitment by utilizing social media strategies to engage with young people and spread truthful messages exposing the unpleasant realities of life under ISIS and combating xenophobia in the west.

Right-wing terrorist groups in Europe and the United States have used similar nuanced methods to spread their propaganda. Right-wing groups usethe internet and technology to recruit members, create “virtual communities,” organize demonstrations and campaigns and promote violence. Like religious extremist organizations, these groups are targeting the youth and using the anonymity of the internet as cover. Essentially, they are trying to gain support by promoting “distorted accounts of social circumstances” on the internet, according to a report by the domestic intelligence service of Germany, Bundesamt für Verfassungsschutz (BfV). This report goes on to explain that controversial topics, such as immigration policy, are covered from an ideological point of view, making the intentions of the extremist less obvious to many readers.

Furthermore, right-wing extremist groups are often allowed to organize and disseminate their propaganda without much push-back from the government. In fact, the U.S. government has tended to focus on foreign terrorist threats, despite how domestic terrorism has killed more Americans since 9/11. Especially in the U.S., there is virtually no monitoring of right-wing extremist groups. The wide availability of this right-wing extremist propaganda and manifestos on the internet has led to radicalization and even attacks, such as Benjamin Smith’s shooting spree targeting minorities in Illinois and Indiana in 1999.

MASKING THEIR TRACKS

Extremists are cautious about internet security while using social media, blogs and video sites to recruit members and mobilize. ISIS militants avoid using high-profile communication companies, such as iMessage or WhatsApp, Peter Sommer, a digital forensics expert, told the BBC. Rather, terrorists efficiently find systems that offer its users simple ways to use encryption, a way of encoding messages so that only authorized people can read them, Sommer said. BfV reported that right-wing extremist circles have also started offering internet “security trainings” to teach others how to encrypt data.

Similarly, jihadi bulletin boards are filled with posts about free application add-ons to encrypt messages, Alan Woodward, a security expert, told the BBC. These encrypted messages pose a large hurdle for government agencies trying to monitor extremist activities and prevent attacks. The availability of encrypted systems makes the government security agencies crackdown “absolutely pointless” because terrorist are using off the record protocol, providing them end-to-end encryption, Woodward explained. This means that it is incredibly difficult for anyone, including tech companies providing these services, to intercept and decode the message.

Going after big tech firms would not entirely solve the problem, Woodward said, because even if these companies stopped providing off the record protocol, there are numerous sites providing free add-ons to encrypt messages. Since these encrypted messages are significantly harder to monitor than open manifestos, this has led to a contentious debate between tech companies who provide these services and the government who needs to stop terrorist activities about the responsibility of private companies in the fight against terrorism.

CONCLUSION

From New York to Bombay and Paris to Beirut, we can all fall victim to the devastation caused by terrorism, which poses a significant threat to security, stability and human rights. Our socioeconomic status and borders cannot protect us, leaving us all united under a common threat. The pervasiveness of this threat makes it even more important to understand how we can effectively stop it. This could mean countering the various recruitment methods used by extremist groups or urging the government and tech companies to work together to monitor terrorist activities on the internet. The second post in this series will discuss the debate between tech firms and the government over access to encrypted messages, privacy concerns and collaborative, rights-respecting solutions to some issues posed by terrorism.

Shruti Banerjee is a 2L at Fordham Law School.

The views expressed in this post remain those of the individual author and are not reflective of the official position of the Leitner Center for International Law and Justice, Fordham Law School, Fordham University or any other organization.

Guatemala is an excellent place to escape the consequences of committing murder. According to official 2013 figures, only 2 percent of crimes are prosecuted. Honduras and El Salvador present similar opportunities to murder with impunity and have criminal violence levels to match. According the United Nations Office on Drugs and Crime (UNODC), the three countries of Central America’s “northern triangle” have faced homicide rates above 40 murders per 100,000 inhabitants for much of the last decade. The high levels of violence are the result of a myriad of factors, including the entry of Mexican drug trafficking organizations into Central America, deteriorating socio-economic conditions and an increase in gang-related violence. However, the governments of the region have poured gasoline on the fire by adopting shortsighted security strategies that sacrifice human rights for a false sense of security.

In the face of the security crisis, the governments of the region have chosen to follow security strategies that emphasize arrests and violent action over effective prosecutions and institutional reform. Over 20,000 soldiers are currently deployed in a public security role in Guatemala and the government recently announced the creation of an inter-agency task force to address drug trafficking that includes military personnel. Simultaneously, the administration of President Otto Pérez Molina has undermined efforts to reduce impunity and increase accountability for abuses by security forces. In an opaque decision that many saw as motivated by outside forces, the Constitutional Court removed the Attorney General from office seven months before her term was due to end. Pérez Molina has also announced that the mandate of the United Nations-backed International Commission Against Impunity in Guatemala (CICIG), which has supported efforts to investigate and prosecute organized crime, will not be renewed when it expires in 2015. Guatemala’s neighbors have followed a similar path.

Honduras deployed the military to carry out public security duties in 2011 and created a military police force that has the power to carry out arrests and seize control of violent neighborhoods in 2013. In 2014, the military police was deployed. Despite these drastic actions, the 2015 murder rate in the country remained the highest in the world. As in Guatemala, the aggressive security strategy has been accompanied by an assault on judicial and prosecutorial independence. Four judges that were removed from the Supreme Court’s Constitutional Chamber in 2012 reported being subject to police harassment and death threats. Even more alarmingly, over 40 judges have been suspended by the Council of the Judiciary, a body created in 2011 and given authority to appoint and dismiss judges that has been criticized for lacking safeguards against political interference.

The director of the El Salvador’s national police recently urged officers to use their weapons against criminals with “complete confidence” and aggressively defended the use of lethal force in security operations. In tandem, the appointment procedure for judges has been weakened, raising concerns that appointments will be made based on political affiliation.

The aggressive use of force and the parallel weakening of the judiciary and other rule of law institutions in these three countries lays bare a raw political calculation: security requires action, not checks and oversight. In other words, you can either have security or you can respect human rights, but doing both is impractical. The international community, especially the United States, should put pressure on the governments of the region in order to change this calculation. Reducing impunity and focusing on institutional reform will go further in improving security than the fight-fire-with-fire approach that the governments of the region have adopted.

Post navigation

Disclaimer

The views expressed on this blog remain those of the individual authors and are not reflective of the official position of the Leitner Center for International Law and Justice, Fordham Law School or Fordham University.

Search for:

Subscribe

Enter your email address to subscribe to this blog and receive notifications of new posts by email.